very strange but it still boils down to a problem with the security setup on the server which is your host's concern. If they are not setup to stop a ddos then I would seriously look for a different host.

robert

Iam pretty sure 99% of the shared hosting is not able to cope with a major ddos. Even large companies like banks are not able to, and they spent huge amounts of money on it.

First and foremost find a host that is going to work with you on this. There should be no expectation that a host is going to stand behind you 100% unless you are paying a lot of money because blocking a DDOS can get very expensive. There should be an expectation they will work with you for limited time.

Depending on what type of attack and the scale this is unlikely to be helpful for most of them, you need to stop it before it gets to the server. Trying to block an attack with the firewall is difficult let alone trying to do it with .htaccess rules because the server still needs to process those requests. Note that the Cloudflare firewall can be configure to black countries but this is completely different because those requests never get to the origin server.

2) Introduce Cloudflare, and install the Cloudflare extension for IP.

Cloudflare can stop this but you need to protect the origin IP because if that is exposed they can just go after the IP making Cloudflare useless

Cloudflare does not allow email over their network which means the IP can be exposed simply by someone registering. Emails need to be sent from a different IP, email service on it's own server is ideal but that adds more expense. If you are using WHM/Cpanel it can be set to send email through the main IP which should be different than the IP your domain is on. This of course would not prevent them attacking that IP but it can then be null routed and you would only lose email service. Hosts typically allocate IP's in order so make sure the IP your domain is on is not right next door to the one sending email.

You also need to disable any feature in phpBB that exposes the IP like remote avatar uploads.

The other major thing you want to do since all legitimate traffic should be coming form Cloudlfare IP's is to firewall ports 80 and 443 except for Cloudlfare IP's. If they know your host which can be guessed from the IP of the email they will run a bot across your hosts IP ranges and make a request for unique file(s) on your site which is basically like a fingerprint.

You also need to install mod_cloudflare on the server so the users IP is passed to applications like phpBB, logging etc. If that is not possible there is an extension for phpBB but that only works for phpBB.

Beyond that explore the options in CSF if you are using it, there is specific settings you can enable that will help mitigate an attack. CSF also has configurable option to work with Cloudlfare so any IP's banned can be directly added to Cloudflares's firewall.

I know this is a mouthful especially if you are on shared hosting but these are some of things you need to do if you expect to stop or mitigate future attacks.

According to the ISP it was only my board - they still haven't provided suitable evidence on this point yet. My Google Analytics don't match what the ISP reported.

You need to look at the access logs on the server. The computers carrying out this attack would not be loading any external Javascript code such as the one provided for Google analytics. In fact this one of the techniques they use where nothing is loaded, they open a connection and let the connection hang as the server is waiting for an expected response before sending the page.

On reasons, this is purely speculative, but I experienced some domain name arguments with a Chinese firm last year.

It could be anyone and unless they come forward you will likely never know for sure.